Getting Malware

Nebulae
Posts: 593
Joined: Wed Feb 06, 2008 11:20 pm UTC
Location: Anywhere

Getting Malware

Postby Nebulae » Mon Feb 11, 2008 7:58 am UTC

Wouldn't a good way of getting malware be from keygens/warez and such? (I'm pretty sure most of them probably have malware embedded in them right?) After all, why would someone crack something for free without getting something from you in return? Wouldn't you be able to find out the code for it easily then?

Anyway, I know little about programming and nothing about network security or whatever. Is it possible to get infected merely from going to a website? Or just placing it onto your comp from knowing your IP?

++$_
Mo' Money
Posts: 2370
Joined: Thu Nov 01, 2007 4:06 am UTC

Re: Getting Malware

Postby ++$_ » Mon Feb 11, 2008 9:01 am UTC

Nebulae wrote:Wouldn't a good way of getting malware be from keygens/warez and such?
Yes. This is kind of like asking "Wouldn't a good way to get AIDS be to do some illegal IV drugs?"
Nebulae wrote:After all, why would someone crack something for free without getting something from you in return?
For fun, or because they believe in anarchy, or don't believe in copyright.
Nebulae wrote:Anyway, I know little about programming and nothing about network security or whatever. Is it possible to get infected merely from going to a website?
Yes, if your web browser, or any plugin for your web browser, has a bug. Presumably, they all do, but some of the bugs may not be known yet. Using things like Noscript helps, but it's still possible that a bug could create a security flaw. The websites will also try to fool you into doing stupid things, like downloading and running executable files, sometimes in very sneaky ways. For example, it used to be possible for a website to use Javascript to create a fake address bar at the top of your browser. This means that when you type in "www.google.com," it doesn't go into your browser's address bar but into the fake address bar provided by their site. What they really want is for you to type in "download.com," so that they can serve you their fake version of download.com instead, and give you bad versions of files.

And a million other exploits.
Nebulae wrote:Or just placing it onto your comp from knowing your IP?
Not if you have a router or a firewall. Of course, if you open ports in your router/firewall unwisely, then the possibility arises again. It is very important to have a router or firewall; you WILL get nailed if you don't.

Nebulae
Posts: 593
Joined: Wed Feb 06, 2008 11:20 pm UTC
Location: Anywhere

Re: Getting Malware

Postby Nebulae » Mon Feb 11, 2008 9:32 am UTC

++$_ wrote:
Nebulae wrote:Wouldn't a good way of getting malware be from keygens/warez and such?
Yes. This is kind of like asking "Wouldn't a good way to get AIDS be to do some illegal IV drugs?"

Hm, well I was reading that thread on the computer virus aquarium strip, and people were asking where to get malware lol

Is there any way to see the code behind .exes btw?

Sc4Freak
Posts: 673
Joined: Thu Jul 12, 2007 4:50 am UTC
Location: Redmond, Washington

Re: Getting Malware

Postby Sc4Freak » Mon Feb 11, 2008 11:19 am UTC

In a sense. Get a decompiler, and it'll produce the ASM code. But you can't "decompile" the .exe into C++ or something like that.

But I guess you'd have to be very fluent in machine code or ASM, as well as your CPU architecture and OS, to fully understand an ASM dump of a program.

LikwidCirkel
Posts: 169
Joined: Thu Nov 08, 2007 8:56 pm UTC
Location: on this forum (duh)

Re: Getting Malware

Postby LikwidCirkel » Mon Feb 11, 2008 7:55 pm UTC

There tends to be a LOT of malware floating around unregulated P2P services. Try searching for PR0N on any gnutella client.. something that doesn't automatically scan. Limewire works well.

99% of the .exe files, or a few others will be malware. I swear, that even if you search for music, a good portion of the hits you'll get will be malware labeled as porn.

I actually used to save email worms just for the record, but I never executed them.

By far the two best things to search for on Google to find malware are porn and cracks. You'll likely find all sorts of goodies, and possible browser exploits. Just fully enable Java runtime and ActiveX, on MSIE with all security set to minimal, search on Google for porn, cracks, or serials, and I'm sure it won't take long for you to find browser exploits.

b.i.o
Green is the loneliest number
Posts: 2519
Joined: Fri Jul 27, 2007 4:38 pm UTC
Location: Hong Kong

Re: Getting Malware

Postby b.i.o » Mon Feb 11, 2008 8:25 pm UTC

++$_ wrote:Anyway, I know little about programming and nothing about network security or whatever. Is it possible to get infected merely from going to a website?


Yes, especially if you have things like JavaScript and/or ActiveX enabled.

Workaphobia
Posts: 121
Joined: Thu Jan 25, 2007 12:21 am UTC

Re: Getting Malware

Postby Workaphobia » Mon Feb 11, 2008 9:32 pm UTC

++$_ wrote:
Or just placing it onto your comp from knowing your IP?
Not if you have a router or a firewall. Of course, if you open ports in your router/firewall unwisely, then the possibility arises again. It is very important to have a router or firewall; you WILL get nailed if you don't.

I always object to this every time I hear it. In my entire technical life I have never heard of a good fundamental reason for a firewall in situations when the local hosts and programs and users are trusted. Sure, it aggregates management at a convenient level, but that's a far cry from convincing me that it's an absolute necessity for safe net-connected activity. Anything that can be blocked through NAT can be blocked by simply refusing the connection, or more accurately, not even bothering to listen to the port in the first place (i.e., not running additional services).
Evidently, the key to understanding recursion is to begin by understanding recursion.

The rest is easy.
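Added example, not part of the original thread: the post above argues that exposure comes from services listening on a port, so one way to check a Linux host is to parse `/proc/net/tcp` and separate loopback-only listeners from those bound to other addresses. The sample table is constructed, the function names are illustrative, and the address decoding assumes a little-endian host.

```python
import ipaddress
import socket
import struct

TCP_LISTEN = 0x0A  # "st" column value for a listening socket

# Constructed sample in /proc/net/tcp layout (IPv4), trimmed to the
# columns used here; not captured from a real host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000
   1: 00000000:0016 00000000:0000 0A 00000000:00000000
   2: 0F00000A:01BD 00000000:0000 0A 00000000:00000000
   3: 0F00000A:C350 0A0200C0:01BB 01 00000000:00000000
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into ('a.b.c.d', port)."""
    hex_addr, hex_port = field.split(":")
    # The kernel prints the address as a host-order 32-bit integer
    # (assumption: little-endian machine, e.g. x86).
    addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    return addr, int(hex_port, 16)


def listening_sockets(table_text):
    """Return (address, port, non_loopback) for every LISTEN row."""
    rows = []
    for line in table_text.splitlines()[1:]:  # skip the header line
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established connections etc. are not listeners
        addr, port = decode_endpoint(cols[1])
        # 0.0.0.0 means "all interfaces", so it counts as non-loopback.
        non_loopback = not ipaddress.ip_address(addr).is_loopback
        rows.append((addr, port, non_loopback))
    return rows


def exposed_ports(table_text):
    """Ports with a listener bound to something other than loopback."""
    return sorted(p for _, p, ext in listening_sockets(table_text) if ext)


if __name__ == "__main__":
    for addr, port, ext in listening_sockets(SAMPLE_PROC_NET_TCP):
        scope = "non-loopback" if ext else "loopback only"
        print(f"{addr}:{port} ({scope})")
```

On a real Linux host, pass the contents of `/proc/net/tcp` instead of the sample; IPv6 listeners live in `/proc/net/tcp6` and are not handled here.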

HappySmileMan
Posts: 52
Joined: Fri Nov 09, 2007 11:46 pm UTC

Re: Getting Malware

Postby HappySmileMan » Mon Feb 11, 2008 9:53 pm UTC

Workaphobia wrote:
++$_ wrote:
Or just placing it onto your comp from knowing your IP?
Not if you have a router or a firewall. Of course, if you open ports in your router/firewall unwisely, then the possibility arises again. It is very important to have a router or firewall; you WILL get nailed if you don't.

Anything that can be blocked through NAT can be blocked by simply refusing the connection, or more accurately, not even bothering to listen to the port in the first place (i.e., not running additional services).


Many "additional services" are built into operating systems, so they're enabled by default and possibly very difficult for the average user to disable, I think saying to something "getting a firewall" will make you a bit more secure is a lot better than telling them to go and disable services, since they're likely to actually bother turning on the firewall (Windows XP has one built in, might not be great, but it DOES close a few possible security holes)

I do find NAT annoying, since it's mandatory by my ISP and enabled at their end, so I can't run a server or get direct bit-torrent connections without getting a "premium connection" (AKA not purposely crippled to make money), but I suppose to any consumers who actually have access to the settings of their own internet connection it'd be fine

LikwidCirkel
Posts: 169
Joined: Thu Nov 08, 2007 8:56 pm UTC
Location: on this forum (duh)

Re: Getting Malware

Postby LikwidCirkel » Mon Feb 11, 2008 11:18 pm UTC

HappySmileMan wrote:I do find NAT annoying, since it's mandatory by my ISP and enabled at their end, so I can't run a server or get direct bit-torrent connections without getting a "premium connection" (AKA not purposely crippled to make money), but I suppose to any consumers who actually have access to the settings of their own internet connection it'd be fine
Just curious ... Are you sure that it's on their end? My ISP does it through custom firmware on their modems, and restoring the factory firmware is trivial, as long as you figure out what IP they set the modem to. I've heard that it's a little tricky to portblock on the ISP's end, so this is common practise. I've been running ssh and ftp servers for months, and haven't been caught yet.

HappySmileMan
Posts: 52
Joined: Fri Nov 09, 2007 11:46 pm UTC

Re: Getting Malware

Postby HappySmileMan » Tue Feb 12, 2008 6:04 pm UTC

LikwidCirkel wrote:Just curious ... Are you sure that it's on their end? My ISP does it through custom firmware on their modems, and restoring the factory firmware is trivial, as long as you figure out what IP they set the modem to. I've heard that it's a little tricky to portblock on the ISP's end, so this is common practise. I've been running ssh and ftp servers for months, and haven't been caught yet.


Well all the connections go through a proxy, so many people on this ISP have the same IP address, so yes it'd have to be on their end, I couldn't open up ports on the proxy and if I did that'd leave them open for a lot of people. Unless I'm seriously getting something wrong here.

++$_
Mo' Money
Posts: 2370
Joined: Thu Nov 01, 2007 4:06 am UTC

Re: Getting Malware

Postby ++$_ » Tue Feb 12, 2008 6:37 pm UTC

Silver2Falcon wrote:
++$_ wrote:Anyway, I know little about programming and nothing about network security or whatever. Is it possible to get infected merely from going to a website?


Yes, especially if you have things like JavaScript and/or ActiveX enabled.
You quoted the wrong person.
Workaphobia wrote:
++$_ wrote:
Or just placing it onto your comp from knowing your IP?
Not if you have a router or a firewall. Of course, if you open ports in your router/firewall unwisely, then the possibility arises again. It is very important to have a router or firewall; you WILL get nailed if you don't.

I always object to this every time I hear it. In my entire technical life I have never heard of a good fundamental reason for a firewall in situations when the local hosts and programs and users are trusted. Sure, it aggregates management at a convenient level, but that's a far cry from convincing me that it's an absolute necessity for safe net-connected activity. Anything that can be blocked through NAT can be blocked by simply refusing the connection, or more accurately, not even bothering to listen to the port in the first place (i.e., not running additional services).
You are absolutely right, but for most people, the alternatives are having a firewall, or having no protection whatsoever. The latter is epic fail, so for most people, a firewall is the best choice. Turning off individual services takes time and technical know-how.

That said, on my linux boxen, I just don't run the services. On Windows there's already a firewall installed, and it's pretty decent, so why not just use that?

